AMENDMENTS TO THE CLAIMS
This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 
1-8. (Cancelled) 

9. (Currently Amended) In a client computing system, a method for participating in 
authentication with a server computing system, the method comprising: 

an act of the client computing system receiving a first server request that includes
at least a first indication of the authentication mechanisms deployed at the server
computing system and a server nonce:

an act of the client computing system sending a first response to the server 
computing system and that includes a client public key, a client nonce and a selected set 
of at least a second indication of the authentication mechanisms that were included in the
first indication of the authentication mechanisms received from the server computing
system and that are also deployed at [[both]] the client computing system and the
authentication mechanisms deployed at the server computing system;

an act of identifying a tunnel key that can be used to encrypt content transferred 
between the client computing system and the server computing system, the tunnel key
comprising a hash of a concatenation of the client public key together with the server
nonce and the client nonce;

an act of receiving a second server request that includes encrypted authentication 
content, the encrypted authentication content being encrypted with the tunnel key and
including a server challenge, a mutually deployed authentication method and a trust
anchor;

an act of decrypting the encrypted authentication content with the tunnel key to 
reveal unencrypted authentication content, the unencrypted authentication content 
indicating a including the mutually deployed authentication mechanism the server
challenge and the trust anchor; and

an act of sending a second response to the second server request, the second
response including encrypted response data that is responsive to the unencrypted
authentication content, including at least one of a client challenge, a hashed message
authentication code that corresponds to the server challenge, or a client authentication
signature, the encrypted response data being used for authenticating the client computing
system with the server computing system according to the mutually deployed
authentication mechanism. 

10. (Currently Amended) The method as recited in claim 9, wherein the first server 
request includes the authentication mechanisms deployed at the server computing system, a
previous packet ID corresponding to a previous session existing between the client and the server
computing systems and a Nonce.

11. (Original) The method as recited in claim 9, wherein the authentication 
mechanisms deployed at the server computing system include one more authentication 
mechanisms selected from among MS-CHAP v2, Authentication with MD5, Authentication with 
Generic Token Card, Authentication with Kerberos, Authentication with X.509, and 
Authentication with WS-Security. 

12. (Original) The method as recited in claim 9, wherein the authentication 
mechanisms deployed at the client computing system include one more authentication 
mechanisms selected from among MS-CHAP v2, Authentication with MD5, Authentication with 
Generic Token Card, Authentication with Kerberos, Authentication with X.509, and 
Authentication with WS-Security. 

13. (Currently Amended) The method as recited in claim 9, wherein the first response 
includes the authentication mechanisms deployed at the client computing system, a previous
packet ID, a nonce, one or more security associations, and one or more a plurality of public keys.

14. (Cancelled). 

15. (Currently Amended) The method as recited in claim 9, wherein the act of
receiving the second server request comprises receiving encrypted authentication content
corresponding to an authentication method selected from among: negotiating an authentication
method, re-authenticating, boot-strapping a client with an existing user-name and password,
boot-strapping a client with an X.509 certificate, authenticating with an X.509 certificate, and 
boot-strapping a new client with a Kerberos token. 

16. (Currently Amended) The method as recited in claim 9 claim 15, wherein the
second server request includes encrypted authentication content, a previous packet ID, a security
association, and a public key.

17. (Currently Amended) The method as recited in claim 9 claim 15, wherein the act
of sending the second response includes sending encrypted responsive data for an authentication
method selected from among: negotiating an authentication method, re-authenticating,
boot-strapping a client with an existing user-name and password, boot-strapping a client with an
X.509 certificate, authenticating with an X.509 certificate, and boot-strapping a new client with a
Kerberos token.

18. (Currently Amended) The method as recited in claim 9 claim 16, wherein the
second response includes encrypted responsive data and a the previous packet ID.

19. (Currently Amended) In a server computing system, a method for participating in
authentication with a client computing system, the method comprising: 

an act of the server computing system sending a first request that includes at least 
a first indication of the authentication mechanisms deployed at the server computing 
system and a server nonce;

an act of the server computing system receiving a first client response to the first 
request and that includes a client public key, a client nonce and a selected set of at least a
second indication of the authentication mechanisms that were included in the first
indication of the authentication mechanisms deployed by the server and that are also
deployed at both the client computing system, and the authentication mechanisms
deployed at the server computing system, the authentication mechanisms deployed at the
server computing system being indicated by the first indication;

an act of identifying a tunnel key that can be used to encrypt content transferred 
between the client computing system and the server computing system, the tunnel key
comprising a hash of a concatenation of the client public key together with the server
nonce and the client nonce;

an act of sending a second request that includes encrypted authentication content, 
the encrypted authentication content being encrypted with the tunnel key, the encrypted 
authentication content including a server challenge, indicating a mutually deployed 
authentication mechanism and a trust anchor; and

an act of receiving a second client response, the second client response including 
encrypted response data that is responsive to the encrypted authentication content and
that includes at least one of a client challenge, a hashed message authentication code
corresponding to the server challenge, or a client authentication signature, the encrypted
response data being used for authenticating the client computing system with the server
computing system according to the mutually deployed authentication mechanism. 
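
The exchange recited in claims 9 and 19, as an added example that is not part of the application: mechanism selection, tunnel key derivation, and the hashed message authentication code over the server challenge. The encryption of the second request is left out because the claims name no cipher. SHA-256, keying the HMAC with the tunnel key, the function names and all sample values are assumptions.

```python
import hashlib
import hmac


def select_mechanisms(server_offered, client_deployed):
    # Second indication: mechanisms from the server's first indication that
    # the client also deploys, kept in the server's order.
    deployed = set(client_deployed)
    return [m for m in server_offered if m in deployed]


def derive_tunnel_key(client_public_key, server_nonce, client_nonce):
    # Hash of client public key || server nonce || client nonce, in the order
    # the claims list them. SHA-256 is an assumption; the claims name no hash.
    # Plain concatenation carries no field boundaries, so both sides must
    # agree on fixed field lengths.
    return hashlib.sha256(client_public_key + server_nonce + client_nonce).digest()


def challenge_mac(tunnel_key, server_challenge):
    # Hashed message authentication code over the server challenge.
    # Keying it with the tunnel key is an assumption of this sketch.
    return hmac.new(tunnel_key, server_challenge, hashlib.sha256).digest()


def run_exchange(server_offered, client_deployed):
    # Constructed sample values; a real exchange would use random nonces
    # and a real public key encoding.
    server_nonce = bytes(range(16))
    client_nonce = bytes(range(16, 32))
    client_public_key = b"constructed-client-public-key"
    server_challenge = b"constructed-server-challenge"

    # First request / first response.
    selected = select_mechanisms(server_offered, client_deployed)
    # Server-side check: the second indication may only name offered mechanisms.
    if not selected or any(m not in server_offered for m in selected):
        raise ValueError("no mutually deployed authentication mechanism")

    # Each side computes the tunnel key from the values it sent and received.
    client_key = derive_tunnel_key(client_public_key, server_nonce, client_nonce)
    server_key = derive_tunnel_key(client_public_key, server_nonce, client_nonce)

    # Second response: the client answers the challenge; the server verifies
    # with a constant-time comparison.
    mac = challenge_mac(client_key, server_challenge)
    verified = hmac.compare_digest(mac, challenge_mac(server_key, server_challenge))
    return selected, client_key, verified
```
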

20. (Currently Amended) The method as recited in claim 19, wherein the first request
includes the authentication mechanisms deployed at the server computing system, a previous
packet ID corresponding to a previous session existing between the client and the server 
computing svs 



21. (Original) The method as recited in claim 19, wherein the authentication 
mechanisms deployed at the server computing system include one more authentication 
mechanisms selected from among MS-CHAP v2, Authentication with MD5, Authentication with 
Generic Token Card, Authentication with Kerberos, Authentication with X.509, and 
Authentication with WS-Security. 

22. (Original) The method as recited in claim 9, wherein the authentication 
mechanisms deployed at the client computing system include one more authentication 
mechanisms selected from among MS-CHAP v2, Authentication with MD5, Authentication with 
Generic Token Card, Authentication with Kerberos, Authentication with X.509, and 
Authentication with WS-Security. 

23. (Currently Amended) The method as recited in claim 19, wherein the first client 
response includes the authentication mechanisms deployed at the client computing system, a
previous packet ID, a nonce, one or more security associations, and one or more a plurality of
public keys.

24. (Cancelled). 

25. (Currently Amended) The method as recited in claim 19, wherein the act of
sending a second request comprises sending encrypted authentication content corresponding to
an authentication method selected from among: negotiating an authentication method, re -



client with an X.509 certificate, authenticating with an X.509 certificate, and boot-strapping a 
new client with a Kerberos token. 

26. (Currently Amended) The method as recited in claim 19 claim 25, wherein the
second request includes encrypted authentication content, a previous packet ID, a security
association, and a public key.

27. (Currently Amended) The method as recited in claim 19 claim 25, wherein the act
of receiving a second client response includes receiving encrypted responsive data for an
authentication method selected from among: negotiating an authentication method,
re-authenticating, boot-strapping a client with an existing user-name and password, boot-strapping a
client with an X.509 certificate, authenticating with an X.509 certificate, and boot-strapping a 
new client with a Kerberos token. 

28. (Currently Amended) The method as recited in claim 19 claim 27, wherein the
second client response includes encrypted responsive data and a the previous packet ID.

29. (New) The method recited in claim 9, wherein the first response also includes a 
plurality of security associations and wherein the second request includes one of the plurality of 
security associations selected from the plurality of security associations. 

30. (New) The method recited in claim 9, wherein the second response includes the 
client challenge. 




-boot-strapping a client with an existing user-name and password, boot-strapping a 

31. (New) The method recited in claim 9, wherein the second response includes the
hashed message authentication code. 

32. (New) The method recited in claim 9, wherein the second response includes the 
client authentication signature. 